Chromium Code Reviews Chromium Code Reviews
Issue 714833002:
[ServiceWorker] CSP support for ServiceWorker environment. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 <?php | |
| 2 header('Content-Type: application/javascript'); | |
| 3 $directive = $_GET['directive']; | |
| 4 | |
| 5 if ($directive == 'default') { | |
| 6 header('Content-Security-Policy: default-src \'self\''); | |
| 7 | |
| 8 ?> | |
| 9 importScripts('worker-testharness.js'); | |
| 10 importScripts('test-helpers.js'); | |
| 11 | |
| 12 test(function() { | |
| 13 var import_script_failed = false; | |
| 14 try { | |
| 15 importScripts('http://localhost:8000/serviceworker/resources/empty.js'); | |
| 16 } catch(e) { | |
| 17 import_script_failed = true; | |
| 18 } | |
| 19 assert_true(import_script_failed, | |
| 20 'Importing the other origins script should fail.'); | |
| 21 }, 'importScripts test for default-src'); | |
| 22 | |
| 23 async_test(function(t) { | |
| 24 fetch('http://localhost:8000/serviceworker/resources/fetch-access-control.ph p?ACAOrigin=*', | |
| 25 {mode: 'cors'}) | |
| 26 .then(function(response){ | |
| 27 assert_unreached('fetch should fail.'); | |
| 28 }, function(){ | |
| 29 t.done(); | |
| 30 }) | |
| 31 .catch(unreached_rejection(t)); | |
| 32 }, 'Fetch test for default-src'); | |
| 33 | |
| 34 <?php | |
| 35 | |
| 36 } if ($directive == 'script') { | |
|
nhiroki
2014/11/12 07:43:14
Can you add a line break before 'if' OR replace 'i
horo
2014/11/12 08:25:41
Done.
| |
| 37 header('Content-Security-Policy: script-src \'self\''); | |
| 38 | |
| 39 ?> | |
| 40 importScripts('worker-testharness.js'); | |
| 41 importScripts('test-helpers.js'); | |
| 42 | |
| 43 test(function() { | |
| 44 var import_script_failed = false; | |
| 45 try { | |
| 46 importScripts('http://localhost:8000/serviceworker/resources/empty.js'); | |
| 47 } catch(e) { | |
| 48 import_script_failed = true; | |
| 49 } | |
| 50 assert_true(import_script_failed, | |
| 51 'Importing the other origins script should fail.'); | |
| 52 }, 'importScripts test for script-src'); | |
| 53 | |
| 54 async_test(function(t) { | |
| 55 fetch('http://localhost:8000/serviceworker/resources/fetch-access-control.ph p?ACAOrigin=*', | |
| 56 {mode: 'cors'}) | |
| 57 .then(function(response){ | |
| 58 t.done(); | |
| 59 }, function(){ | |
| 60 assert_unreached('fetch should not fail.'); | |
| 61 }) | |
| 62 .catch(unreached_rejection(t)); | |
| 63 }, 'Fetch test for script-src'); | |
| 64 | |
| 65 <?php | |
| 66 | |
| 67 } if ($directive == 'connect') { | |
|
nhiroki
2014/11/12 07:43:14
ditto.
horo
2014/11/12 08:25:41
Done.
| |
| 68 header('Content-Security-Policy: connect-src \'self\''); | |
| 69 | |
| 70 ?> | |
| 71 importScripts('worker-testharness.js'); | |
| 72 importScripts('test-helpers.js'); | |
| 73 | |
| 74 test(function() { | |
| 75 var import_script_failed = false; | |
| 76 try { | |
| 77 importScripts('http://localhost:8000/serviceworker/resources/empty.js'); | |
| 78 } catch(e) { | |
| 79 import_script_failed = true; | |
| 80 } | |
| 81 assert_false(import_script_failed, | |
| 82 'Importing the other origins script should not fail.'); | |
| 83 }, 'importScripts test for connect-src'); | |
| 84 | |
| 85 async_test(function(t) { | |
| 86 fetch('http://localhost:8000/serviceworker/resources/fetch-access-control.ph p?ACAOrigin=*', | |
| 87 {mode: 'cors'}) | |
| 88 .then(function(response){ | |
| 89 assert_unreached('fetch should fail.'); | |
| 90 }, function(){ | |
| 91 t.done(); | |
| 92 }) | |
| 93 .catch(unreached_rejection(t)); | |
| 94 }, 'Fetch test for connect-src'); | |
| 95 | |
| 96 <?php | |
| 97 } | |
| 98 ?> | |
| OLD | NEW |
